[SOLVED] Who is user olad on Linux and what is it used for?

Anyone know why there is a user olad on Debian Stretch and why the need and what it does.

I cannot find anything about it searching online, and it eats resources at 4am in the morning. Never saw it before. is
e.g.

uuidd:x:122:131::/run/uuidd:/bin/false
wmaloader:x:123:132::/usr/lib/wmaloader:/bin/false
olad:x:124:65534::/usr/lib/olad:/bin/false
nbd:x:125:135::/etc/nbd-server:/bin/false
smbguest:x:1001:1001:Samba guest account:/dev/null:/dev/null
backup1:x:1002:1000:Samba guest account:/backup1:/dev/null
fcron:x:1003:1003:'fcron':/home/fcron:
clamav:x:126:136::/var/lib/clamav:/bin/false

It for olad software. The Open Lighting Project’s goal is to provide high quality, open source lighting control software for the entertainment lighting industry. For more info see:

  1. OLA Debian / Ubuntu - wiki.openlighting.org
  2. https://www.openlighting.org/

Dont know why I couldnt find it. Thanks a lot. I try not to post trivial things I can solve myself, I found OpenDNS to have strange missing search results in the past. Must be that.

That is okay. Forum is for searching and getting help.

I think it is malicious software with a valid application name
The software was clearly not installed as it refers to an installation folder that is non existing and given that it uses all resources at 4am in the morning.

$ ls /usr/lib/olad
ls: cannot access ‘/usr/lib/olad’: No such file or directory

Neither does “whereis” show any installation.

I’ve got a couple of strange ones too:-
_apt:x:124:65534::/nonexistent:/bin/false
geoclue:x:119:136::/var/lib/geoclue:/bin/false

I didn’t knowingly install these
/nonexistent is of course non-existent
/var/lib/geoclue is likewise non-existent!

The geoclue seems suspicious, but even if it wasnt, I dont know why it rerports folders that do not exist etc.
That looks really suspicious as it usually means a valid name process, but hijacked by something else. Another option is just misconfiguration by the distro packagers.
I removed everything that looked suspicious, and then see if I get trouble down the line. Usually I get no trouble, so I can only say that it is
suspicious in origin.
Usually thsese things are benign misconfigurations, but better to overreact in this case and assume suspicious.
Are you using ubuntu? If so look for `/usr/lib/geoclue.
It looks like a bad idea to have that running on a server or desktop without the need for gps. Cant see the benefit to the user.
On Debian stretch geoclue is an option installed as package name geoclue-2.0 but not installed by default.
I wont consider it necessary at all unless you make a life out of gps and location aware applications.

I’m using LMDE (Debian edition of Mint)
To find objects owned by _apt, I used sudo find / -user _apt which outputs:

/var/cache/apt/archives/partial
/var/lib/apt/lists/partial

So I’m going to blame Debian for this - although it seems a strange way of doing things.

Non zero (non root) account created for security reasons. Usually used in background by cron jobs and other services. This is a security feature and not a strange way of doing stuff under Linux or Unix-like systems.

HTH

The reason it appears peculiar is that a non-standard user name _apt is created to avoid giving two normally empty directories root access.
For some strange reason I don’t have a user called apt in my /etc/passwd - so why create _apt, when apt was already available for this purpose.

apt is a command and not a user. apt command run by root user by typing the command such as sudo apt update && sudo apt upgrade.

_apt is a user created in /etc/passwd for running background jobs, downloading files safety from the internet and so on:

grep _apt /etc/passwd

You can see file permissions using:

ls -ld /var/cache/apt/archives/partial
ls -ld /var/lib/apt/lists/partial

You can confirm that _apt user created by apt package by running:

grep -B2 -A2 _apt /var/lib/dpkg/info/apt.postinst
	# add unprivileged user for the apt methods
	adduser --force-badname --system --home /nonexistent  \
	    --no-create-home --quiet _apt || true

	# Fixup any mistake in the home directory of the _apt user
	if dpkg --compare-versions "$2" lt-nl 1.1~exp10~; then
	    usermod --home /nonexistent _apt
	fi

In short, nothing bad is going on there. You just don’t know where to lookup for info. HTH

1 Like